The incredible features that the modern connected medical devices come equipped with continue to dramatically revolutionize the management of long-term chronic diseases and treatment of acute illnesses. With the evolution of these technologies, the threats to the reliability and security of these devices are also increasing.

The growing use of smart medical devices, mobile health applications, and connected hospital infrastructure has increased the need for application security and wireless security. Connected medical devices are a double-edged sword in the age of IoT: they can play a transformational role in the healthcare industry, but they also expose healthcare providers and patients to cyber security and safety risks like hacking, unauthorized access, and malware.

Though medical devices with features like near-field communication, wireless connectivity, and remote monitoring are a boon for healthcare professionals and patients, these features are also potential exposure points.

Medical Devices That Are Vulnerable

Connected medical devices generally rely on different kinds of software to execute their functions. They are susceptible to exploitation and intrusion by cyber criminals who continuously look for vulnerabilities in all kinds of connected systems.

The devices most prone to being hacked are those used for patient care and diagnostics. A few of the medical devices that face the highest vulnerabilities are:

  • Implantable cardiovascular defibrillators (ICDs) and infusion pumps
  • Devices that obtain, record, and communicate images on networks within medical facilities, such as Ultrasound, Magnetic Resonance (MR), Computed Tomography (CT), and endoscopy devices
  • Devices that interact with clinical lab analyzers, such as lab information systems

These devices are susceptible because they have web administration interfaces with very weak, easy-to-crack passwords or with no password protection at all.

Data Security Threats for Medical Devices

The network-connected group of medical devices is much larger than the Implantable Medical Devices (IMD) group, though both groups have something in common: their long lifespan. The biggest risk to all these medical devices is that they lack basic security measures like a firewall or antivirus.

The security risk is that when malware enters a healthcare facility and spreads through the network to attack these highly susceptible medical devices, it either causes the systems to crash or quickly infects them. When a medical device gets infected, its battery may run down quickly and the device may switch off, failing to deliver critical life-sustaining care. Considering such threats and the losses they could cause, it’s crucial to safeguard medical devices throughout their lifespan.

How to Mitigate Medical Device Security Threats?

The most efficient way is undoubtedly micro-segmentation, in which these systems are locked down and protected by the network they are connected to.

Today’s contemporary network infrastructure supports several advanced security technologies. For example, mobile XR systems can be implemented in setups that demand very high standards of security (such as in military hospitals).

Security group tags are a suitable way of controlling network traffic. With them, only authorized personnel have access to the medical devices, and the systems are able to interact only with specific internal IP addresses that use predetermined protocols and ports. The network ignores anything else, including access attempts from unauthorized people and malware traffic.
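The allow-list behaviour described above, as an added example that is not part of the original article: a default-deny check of constructed flow records against per-tag rules. The tag names, addresses, ports and the `decide` and `audit` functions are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed inventory: device IP -> security group tag (hypothetical values).
TAGS = {"10.20.5.21": "infusion-pump", "10.20.8.40": "imaging"}

# Constructed policy: tag -> (direction, peer network, protocol, destination port).
# "out" = device talks to peer; "in" = peer talks to device. No rule means no traffic.
POLICY = {
    "infusion-pump": [("out", "10.20.5.10/32", "tcp", 8443),  # pump management server
                      ("in", "10.20.9.0/29", "tcp", 443)],    # authorized staff subnet
    "imaging": [("out", "10.20.8.0/28", "tcp", 104)],         # DICOM to the archive
}

def decide(src, dst, proto, dport):
    """Return 'allow' only when a tagged device's flow matches one of its rules."""
    for direction, device, peer in (("out", src, dst), ("in", dst, src)):
        tag = TAGS.get(device)
        if tag is None:
            continue
        for rule_dir, net, rule_proto, rule_port in POLICY.get(tag, []):
            if (rule_dir == direction and rule_proto == proto
                    and rule_port == dport
                    and ip_address(peer) in ip_network(net)):
                return "allow"
        return "drop"          # default deny for anything touching a tagged device
    return "not-medical"       # neither endpoint is a tagged device

# Constructed flow records: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.20.5.21", "10.20.5.10", "tcp", 8443),   # pump to its server
    ("10.20.9.3", "10.20.5.21", "tcp", 443),     # authorized staff to pump
    ("10.20.30.77", "10.20.5.21", "tcp", 443),   # unauthorized workstation to pump
    ("10.20.5.21", "203.0.113.9", "tcp", 443),   # pump to an external address
    ("10.20.8.40", "10.20.8.5", "tcp", 104),     # scanner to archive
    ("10.20.8.40", "10.20.5.21", "tcp", 445),    # device-to-device spread attempt
]

def audit(flows):
    """Pair every flow with its decision so dropped flows can be reviewed."""
    return [(flow, decide(*flow)) for flow in flows]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_FLOWS):
        print(verdict.ljust(6), flow)
```

Dropped flows are worth logging rather than silently discarding: the last sample flow is the kind of device-to-device traffic that the malware-spread scenario in the previous section would generate.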

FDA’s Recommendations to Mitigate Security Risks

Addressing security threats in medical devices is challenging. It’s the responsibility of medical device manufacturers and healthcare facilities to manage these risks. It’s important to strike a balance between protecting the safety of patients and promoting enhanced device performance and the advancement of innovative technologies. Healthcare facilities and medical device manufacturers should take steps to ensure that appropriate security measures are in place.

Here’s what the FDA recommends to mitigate and manage security risks:

  • It’s the responsibility of the manufacturers to be vigilant about detecting threats associated with the devices, including cybersecurity risks. They are liable for implementing appropriate measures to address the safety threats and ensure optimal performance of the devices. The manufacturers may not have to retest their devices when they release updates and patches, but they have to ensure that their devices are compliant with their original authentication.
  • Healthcare facilities, for their part, need to examine their network security regularly and safeguard their hospital systems.

Securing medical devices in the age of IoT takes teamwork and is a shared responsibility.

With cyber breaches shifting from outright data thefts to harmful acts that could cause disruptions, it’s important for healthcare facilities to review the medical devices connected to their networks to safeguard their patients and infrastructure from malevolent attacks.

Written by Quest Global

on 06 Dec 2017